ABS-CBN shopping sites hacked; customer payment data compromised

Manila, Philippines – One of the news and entertainment
giant, ABS-CBN took down two of its online shopping sites on Wednesday, September
19 and was reportedly hacked; customer payment data might have been stolen.

The said security breached was confirmed a day after Dutch
security researcher Willem “gwillem” de Groot wrote about it on his website and
Twitter account.

Reportedly, de Groot discovered a payment skimmer which has
been running since August 16, 2018, in ABS-CBN’s online store. The skimmer
allegedly intercepts the customer’s payment details when they shop, and data
was sent to Russian servers.

“Personal information and credit cards are intercepted while
people shop for merchandise for one of the 90+ television shows. The stolen data
is sent onwards to a server registered in Irkutsk, Russia.

The credit cards and
identities are then (presumably) sold on the black market,” de Groot claimed.

He said that this hacking incident has similarities with the
earlier hacking of the British Airways and Ticketmaster websites - wherein
malware was found to have intercepted transactions as customers checked out.

“ABS-CBN is the latest target in a series of high profile
skimming operations. Previously, British Airways and Ticketmaster admitted
massive credit card theft of their customers. The methodology found at these
crime scenes is the same: browser-based interception during the checkout
process. This method is quickly gaining popularity because it defeats the
security of encrypted connections (https/SSL),” the Dutch security researcher
said

Meanwhile, stock shares in the broadcast giant fell by 3.13
percent to P20.10 apiece following the reports of the hacking incident.*

De Groot cited that he did not get an immediate response
from ABS CBN when he informed the company about the breach on Tuesday.

“Filipinos are recommended to carefully check their credit
card statements for unauthorized payments,” he said.

The Lopez-led broadcast giant disclosed to the Philippine
Stock Exchange that personal data of 213 customers of its online shopping platforms,
ABS-CBN Store and the UAAP (University Athletic Association of the Philippines)
Store, might have been exposed following breach.

With this, ABS-CBN was forced to temporarily stop the
operations of the two online shopping sites on Wednesday morning.

“Personal information and credit card details of our
customers may have been exposed,” it said, adding that affected customers had
been notified.

“[I]nvestigation is still ongoing,” it added.

It also said that the hacking incident was an “isolated”
case and did not affect other properties of ABS CBN, and added that National
Privacy Commission was already alerted about the incident.

It also advised the customers to be vigilant against
scammers claiming to be an employee of ABS CBN.

ABS CBN’s online store sells merchandises like accessories,
books, magazines, CDs, and DVDs, as well as novelties that are related to the
company’s shows and programs.